878 字
4 分钟
nginx
# Nginx 日常运维命令与配置速查
> 覆盖安装、启动、热更新、HTTPS、反向代理、负载均衡、缓存、压缩、限流、日志切割等高频场景,拿来即用。
---
## 1. 安装 & 启停
```bash# Ubuntu / Debiansudo apt update && sudo apt install -y nginx
# CentOS / RHELsudo yum install -y epel-release && sudo yum install -y nginx
# 设为开机自启并立即启动sudo systemctl enable --now nginx
# 平滑重载配置(**不断连接**)sudo nginx -t # 先检查语法sudo nginx -s reload
# 快速停止 / 启动sudo nginx -s quit # 优雅退出sudo nginx # 直接启动2. 配置结构速览
/etc/nginx/├── nginx.conf # 主配置├── conf.d/ # 自定义 *.conf 自动引入├── sites-available/ # Ubuntu 风格:放置虚拟主机├── sites-enabled/ # sites-available 的软链,真正生效└── snippets/ # 可复用代码段(ssl-params、proxy 头 等)3. 虚拟主机模板
server { listen 80; listen [::]:80; server_name example.com www.example.com;
# 强制跳转 HTTPS return 301 https://$server_name$request_uri;}
server { listen 443 ssl http2; server_name example.com;
# 证书路径 ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; include /etc/nginx/snippets/ssl-params.conf;
root /var/www/example; index index.html index.php;
# 前端静态文件 location / { try_files $uri $uri/ =404; }
# API 反向代理 location /api/ { proxy_pass http://127.0.0.1:8080; # 注意末尾斜杠 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }
# 资源缓存 30 天 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ { expires 30d; add_header Cache-Control "public, immutable"; }}4. 反向代理 + 负载均衡
# 上游后端池upstream app_cluster { least_conn; # 最少连接算法(默认轮询) server 192.168.1.10:8080 max_fails=2 fail_timeout=3s; server 192.168.1.11:8080 max_fails=2 fail_timeout=3s; keepalive 32; # 复用连接,减少握手}
server { listen 80; server_name api.example.com;
location / { proxy_pass http://app_cluster; include proxy_params.conf; # 统一头信息 }}5. 限流(漏桶)
# 定义区域:10MB 内存,速率 10r/slimit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
server { location /api/ { limit_req zone=api burst=20 nodelay; proxy_pass http://app_cluster; }}6. Gzip 压缩
gzip on;gzip_vary on;gzip_min_length 1k;gzip_comp_level 6;gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;7. 浏览器缓存 & 跨域
location ~* \.(?:css|js|jpe?g|png|gif|ico|svg|webp|woff2?)$ { expires 1y; add_header Cache-Control "public, immutable"; add_header Vary Accept-Encoding;}
# CORSlocation /api/ { add_header Access-Control-Allow-Origin "$http_origin" always; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept" always;
if ($request_method = OPTIONS) { return 204; }}8. 日志切割(按天 + 压缩)
/var/log/nginx/*.log { daily missingok rotate 30 compress delaycompress notifempty create 640 nginx adm sharedscripts postrotate [ -s /run/nginx.pid ] && kill -USR1 `cat /run/nginx.pid` endscript}USR1 信号让 Nginx 重新打开日志文件(零停机)。
9. 一键 HTTPS(Let’s Encrypt)
# 安装 certbotsudo apt install -y certbot python3-certbot-nginx
# 自动获取证书并修改 Nginx 配置sudo certbot --nginx -d example.com -d www.example.com
# 模拟自动续期sudo certbot renew --dry-run# 已写入 systemd timer,默认每日凌晨检查续期10. 调试 & 排错锦囊
# 1. 语法检查sudo nginx -t
# 2. 查看编译参数 & 模块nginx -V
# 3. 打印匹配到的 server_namesudo nginx -T | grep -E 'server_name|listen' | grep -v '#'
# 4. 实时日志跟踪tail -F /var/log/nginx/access.log | grep --line-buffered 404tail -F /var/log/nginx/error.log
# 5. 压测验证ab -n 10000 -c 100 https://example.com/11. 性能调优片段
# /etc/nginx/nginx.conf 主段worker_processes auto; # 自动按 CPU 核数worker_cpu_affinity auto; # 绑定 CPU
events { worker_connections 65535; # 单进程最大连接 multi_accept on; # 批量建立新连接 use epoll; # Linux 高效事件模型}
http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; client_max_body_size 100m; # 上传大小限制}12. 常用信号表
| 信号 | 作用 |
|---|---|
nginx -s reload | 热重载配置(主进程发送 HUP) |
nginx -s quit | 优雅退出(worker 处理完当前连接) |
nginx -s stop | 立即退出 |
kill -USR1 $(cat /run/nginx.pid) | 重新打开日志(切割用) |
kill -USR2 $(cat /run/nginx.pid) | 平滑升级二进制(热升级核心步骤) |
记住三步走:
nginx -t检查语法 → 2.nginx -s reload热加载 → 3.tail -F看日志。
任何线上变更,先在测试环境验证,再灰度发布!
赣公网安备36040202000372号